From 1305baf1857f1c4d9e7c4b56b9a0100ca79b95d9 Mon Sep 17 00:00:00 2001
From: des <des@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Mon, 29 Apr 2013 20:16:00 +0000
Subject: [PATCH] Fix a bug that allows NFS clients to issue READDIR on files.

PR:		kern/178016
Security:	CVE-2013-3266
Security:	FreeBSD-SA-13:05.nfsserver
Approved by:	so


git-svn-id: svn://svn.freebsd.org/base/releng/9.1@250061 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/fs/nfsserver/nfs_nfsdport.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 63b18220..16882b8f 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -1574,6 +1574,8 @@ nfsrvd_readdir(struct nfsrv_descript *nd, int isdgram,
 			nd->nd_repstat = NFSERR_BAD_COOKIE;
 #endif
 	}
+	if (!nd->nd_repstat && vp->v_type != VDIR)
+		nd->nd_repstat = NFSERR_NOTDIR;
 	if (nd->nd_repstat == 0 && cnt == 0) {
 		if (nd->nd_flag & ND_NFSV2)
 			/* NFSv2 does not have NFSERR_TOOSMALL */
-- 
2.42.0